Ho Ho ho! Hackers prefer to work at Christmas
By Asavin Wattanajantra in Editorial
Posted in Defcon, hackers, Christmas
According to the hacker community, you’re more likely to be targeted at Christmas and New Year than at any other time.
At the annual hacker conference Defcon 17 in Las Vegas, most of the 79 hackers surveyed said they would be more active during the winter holidays, with a little more than half saying that Christmas was the best time to engage in corporate hacking.
Seventy-nine respondents really isn’t very many people for a proper survey, but I guess the finding makes common sense. According to the company that published the survey, it was ‘received knowledge’ that the Christmas and New Year seasons were popular with western hackers.
Chief security architect Michael Hamelin of Tufin Technologies (which carried out the survey) said: “Hackers know this is when people relax and let their hair down, and many organisations run on a skeleton staff over the holiday period.”
What to do if your website gets hacked
By Asavin Wattanajantra in Editorial
Posted in SQL injection, website, hackers, hacking
SQL injections have been a big focus of mine this week - previously I blogged about how the theft of 130 million debit and credit card numbers was alleged to have been carried out using SQL injection techniques, and I followed it up with some reasons why it became so large-scale.
Perhaps because of this media attention, HP has released some advice about what to do if Google detects that your website is hosting malware.
It says: “A frightening trend with SQL injection attacks concerns how an attacker will insert links to javascript content used to serve malicious links that may automatically compromise the users of this website.
“When this happens, Google will automatically detect this and actively deter users from visiting your website.”
HP has published some basic recovery steps that may help ensure that all content modified by the attacker has been removed.
- Disconnect from the internet
- Back up the entire site and backend database.
- Save all logs and analyse them.
- Change all authentication - the attacker is likely to have stolen the credentials needed for website access.
- Reinstall OS (this is more of a precaution).
- Restore previous backups.
- Perform simple code audits.
- Turn the site back on.
More information can be found here.
It does have a disclaimer that this isn’t legal advice and if monetary problems occur, consider hiring a consultant and notifying the proper authorities.
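The third step, saving and analysing the logs, is the one most people skip. The script below is an added example, not HP's advice and not code from this blog: it parses constructed Apache/nginx combined-format access log lines, URL-decodes each request target, and flags the requests carrying common SQL injection indicators (quote-tautology, UNION SELECT, trailing comment terminators, time-delay functions) so the source addresses and the affected pages can be pulled out before the site is restored. The log lines, IP addresses and page names are all made up for the example.

```python
"""Flag likely SQL-injection attempts in web server access logs (added example)."""
import re
from urllib.parse import unquote_plus

# Combined log format: ip - - [time] "METHOD target HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Indicators matched against the URL-decoded request target. Order matters only
# for the order in which hits are reported.
INDICATORS = [
    ("tautology", re.compile(r"'\s*or\s+'?\w*'?\s*=\s*'?\w*'?", re.I)),
    ("union_select", re.compile(r"\bunion\b[\s/*]+(all[\s/*]+)?select\b", re.I)),
    ("comment_terminator", re.compile(r"'\s*--|--\s*$|/\*.*\*/")),
    ("time_based", re.compile(r"\b(sleep|benchmark|waitfor\s+delay)\b", re.I)),
]

# Constructed sample log lines: one normal request, two injection attempts from
# the same address, one normal POST, and one unparseable line.
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Aug/2009:09:14:02 +0100] "GET /products.asp?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Aug/2009:09:14:05 +0100] "GET /products.asp?id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 80211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Aug/2009:09:14:09 +0100] "GET /products.asp?id=12%20UNION%20SELECT%20a,b%20FROM%20t-- HTTP/1.1" 500 412 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [18/Aug/2009:09:15:30 +0100] "POST /search.asp HTTP/1.1" 200 2301 "-" "Mozilla/5.0"',
    'garbage line that does not parse',
]


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Decode twice so a double-encoded payload (%2527 -> %27 -> ') is still seen.
    rec["decoded"] = unquote_plus(unquote_plus(rec["target"]))
    return rec


def classify(decoded_target):
    """Return the names of every indicator that matches the decoded request target."""
    return [name for name, rx in INDICATORS if rx.search(decoded_target)]


def scan(lines):
    """Return one finding per suspicious request: who, when, what, and which rules fired."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line; in practice count these, they can hide tampering
        hits = classify(rec["decoded"])
        if hits:
            findings.append({
                "ip": rec["ip"],
                "time": rec["time"],
                "status": rec["status"],
                "target": rec["decoded"],
                "indicators": hits,
            })
    return findings


def suspicious_ips(findings):
    """Distinct source addresses behind the flagged requests (input for blocking/reporting)."""
    return {f["ip"] for f in findings}


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for f in found:
        print(f"{f['time']} {f['ip']} {f['status']} {f['target']}  <- {', '.join(f['indicators'])}")
    print("sources to review:", sorted(suspicious_ips(found)))
```

To run it over a real log, replace `SAMPLE_LOG` with the lines of the saved access log (`scan(open(path))` works as-is). A 200 response to a flagged request is the one to chase first, since the page answered the injected query rather than erroring out. Pattern matching of this kind will produce false positives on legitimate input containing quotes or the word "union", so treat the output as a triage list, not as proof, and keep the unmodified log files for anyone who investigates later.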
130 million card numbers were stolen by SQL injection
By Asavin Wattanajantra in Editorial
We’ve already covered the ‘largest identity hack’ case in some depth, but here are a few more details of the hack that come from the press release issued by the Department of Justice (DOJ).
According to the information given, the conspirators used a ‘SQL injection technique’, which it said “seeks to exploit computer networks by finding a way around the network’s firewall to steal credit card information”.
We’ve covered a number of stories about SQL injections before, but never anything on this kind of scale financially. It’ll be interesting to see what other details emerge about the technical aspects of the attack.
Hiring hackers for national security? You’re havin’ a laff!
By Asavin Wattanajantra in Editorial
Posted in national security, hackers, hacking, government, Security
I wasn’t there to see the first statements of the new Cyber Security minister Lord West, but according to reports he admitted that the government has hired a team of former “naughty boy hackers” for its new Cyber Security Operations Centre.
The BBC quotes him as saying: “You need youngsters who are deep into this stuff… If they have been slightly naughty boys, very often they really enjoy stopping other naughty boys.”
OK - first up, these are fine words for a Cyber Security Minister. Naughty boys? I’ve only been writing on security for the last year and a half, but I already realise that many of the criminals he’s talking about aren’t ‘naughty boys’ - they are hardened criminals fully intent on making as much profit as possible.
I get the feeling he’s one of those people who don’t think that cyber criminals are ‘real’ criminals because they play on the computer. And this is somebody the government has employed to oversee its cyber security. Great.
And he’s employed hackers with criminal records? This is all well and good in a movie, but as security expert Rik Ferguson notes, the government has actually hired a team of people who have committed criminal acts and given them jobs.
He also makes the point that if you’re going to hire hackers to stop hackers, then why employ the naughty crap ones who managed to get caught - or ‘script-kiddies’ as Ferguson puts it - the laughing stock? Yep, Lord West - good choice!
Even if this is just misquoting or taken out of context, it’s a little worrying that the Cyber Security Minister himself seems to be so inept at understanding the real problems of IT security. Last week I wrote a feature on what the basic qualifications a Cyber Security Minister might actually need - I don’t think Lord West ticks any of the boxes.
Maybe it was the case that none of the ministers around Gordon Brown had the technological expertise or IT training for this role. In this case they really should have simply found one. I mentioned John Suffolk, government chief information officer, as somebody who had the technology knowledge for the role.
It might be the case that Neil Thompson, the prospective new director for the Office of Cyber Security, is the person who really will shape the cyber security of Britain. As security expert Graham Cluley said in my feature, maybe it’s good to have an unknown person in the role who will knock heads together and do what’s needed.
But hopefully he won’t be listening to the ‘Cyber Security Minister’ Lord West. He may be all well and good when it comes to knowledge of actual physical warfare - but cyber war is a completely different beast. Hope you know what you’re doing Gordon.